RFC: Signed JAR Packaging Policy
Simo Sorce
ssorce at redhat.com
Mon Mar 12 21:29:32 UTC 2007
On Mon, 2007-03-12 at 16:33 -0400, Warren Togami wrote:
> Nicolas Mailhot wrote:
> >
> > The problem is SUN controls the default certificate list in jvms, and
> > it's reinitialised every time you update a vendor jvm, so in practical
> > terms only SUN-approved keys "just work"
> >
>
> This might have interesting consequences for Sun's plans to GPLv3 their
> Java.
Why?
Is their own signature required for the package to work, and nothing
else will work even if rebuilt from scratch?
Simo.
More information about the Fedora-maintainers
mailing list